Installing OpenBSD 7.4 on a MilkV Mars

Here are some instructions for getting OpenBSD 7.4 running on a MilkV Mars (V1.11).

You will need:

  1. An SD card of at least 8GB
  2. A USB TTL serial adapter
  3. A second machine to interact with the MilkV Mars over serial
  4. An Ethernet cable and a connection to a TFTP server

The original idea came from "Installing OpenBSD 7.3-current on a VisionFive2"; you can also check those instructions for reference.

Steps

  1. Download miniroot.img 7.4 from OpenBSD.
  2. Download the special DTB, jh7110-starfive-visionfive-2-v1.3b.dtb, and upload it to the TFTP server (mine is 10.0.0.21).
  3. Flash this miniroot.img onto the SD card.
  4. Boot the Mars and hit any key when U-Boot prompts during boot-up to stop autoboot:
--------EEPROM INFO--------

In:    serial
Out:   serial
Err:   serial
Model: Milk-V Mars
Net:   eth0: ethernet@16030000, eth1: ethernet@16040000
switch to partitions #0, OK
mmc1 is current device
found device 1
bootmode flash device 1
** Invalid partition 3 **
Couldn't find partition mmc 1:3
Can't set block device
** Invalid partition 3 **
Couldn't find partition mmc 1:3
Can't set block device
Hit any key to stop autoboot:  0
StarFive #
  5. In U-Boot, set up the IP and load the DTB file with:
dhcp; setenv serverip 10.0.0.21; tftpboot ${fdt_addr_r} jh7110-starfive-visionfive-2-v1.3b.dtb

load mmc 1:1 ${kernel_addr_r} efi/boot/bootriscv64.efi; bootefi ${kernel_addr_r} ${fdt_addr_r}
  6. That's it! Now you can boot into OpenBSD and install by the normal process.

OpenBSD 7.4 on MilkV Mars

P.S. In OpenBSD, run sysctl hw.perfpolicy=high to enable performance mode.

Go riscv64 FMA optimization notes

FMA, short for fused multiply-add, is used heavily by math code in the Go compiler and standard library.
I found that Go 1.20 added some riscv64 support for FMA; however, when I tried to add test cases for FNMA x * y - z or FNMS -x * y + z,
the binary output always differed from my expectation and the test cases in math always failed.

At first I thought it was floating-point error, since floating-point numbers follow IEEE 754 (2008 edition), which allows minor errors within 1e-16, i.e. "veryclose" in the math test cases.
However, when I implemented the same algorithm for 32-bit FP, there was far more error than there should be.

After a careful search through the SSA code generator, I found that the FMA SSA rules for riscv64 invert FMA into FNMX if the multiplier or adder is negative.

(F(MADD|NMADD|MSUB|NMSUB)D neg:(FNEGD x) y z) && neg.Uses == 1 => (F(NMADD|MADD|NMSUB|MSUB)D x y z)

This SSA rule converts FMADDD into FNMADD; unfortunately, according to the RISC-V manual, this is wrong.
In the manual, FMADD means

x * y + z

FNMADD means

 - x * y - z

whereas the original CL assumed FNMADD should be implemented as

x * y - z

I then submitted a CL that fixes this issue for good, with some test cases.
https://go-review.googlesource.com/c/go/+/506575
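
The mismatch described above can be checked numerically. This is an added example, not code from the Go tree or from the CL: it models the four fused ops with math.FMA using the manual's definitions, then compares the pairing from the quoted rule against the pairing those definitions imply. The names ops, buggy, fixed and Mismatches are hypothetical.

```go
package main

import (
	"fmt"
	"math"
)

type fma func(x, y, z float64) float64

// The four fused ops as the RISC-V manual defines them, modelled with math.FMA.
var ops = map[string]fma{
	"FMADD":  func(x, y, z float64) float64 { return math.FMA(x, y, z) },   //  x*y + z
	"FMSUB":  func(x, y, z float64) float64 { return math.FMA(x, y, -z) },  //  x*y - z
	"FNMSUB": func(x, y, z float64) float64 { return math.FMA(-x, y, z) },  // -x*y + z
	"FNMADD": func(x, y, z float64) float64 { return math.FMA(-x, y, -z) }, // -x*y - z
}

// buggy is the positional pairing in the rule quoted above.
var buggy = map[string]string{
	"FMADD": "FNMADD", "FNMADD": "FMADD", "FMSUB": "FNMSUB", "FNMSUB": "FMSUB",
}

// fixed is the pairing the manual's definitions imply
// (derived here as an assumption, not copied from the CL).
var fixed = map[string]string{
	"FMADD": "FNMSUB", "FNMSUB": "FMADD", "FMSUB": "FNMADD", "FNMADD": "FMSUB",
}

// Mismatches lists the ops where op(-x, y, z) differs from rewrite[op](x, y, z),
// i.e. where folding the FNEG into the fused op changes the computed value.
func Mismatches(rewrite map[string]string, x, y, z float64) []string {
	var bad []string
	for _, name := range []string{"FMADD", "FMSUB", "FNMSUB", "FNMADD"} {
		if ops[name](-x, y, z) != ops[rewrite[name]](x, y, z) {
			bad = append(bad, name)
		}
	}
	return bad
}

func main() {
	// Constructed inputs: small integers, so every result is exact.
	fmt.Println("quoted rule:", Mismatches(buggy, 2, 3, 5))
	fmt.Println("per manual: ", Mismatches(fixed, 2, 3, 5))
}
```
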

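Genshin Impact x Programming: MITA, a programming language based on Hilichurlian

Hello, Travelers~ Olah Odomu!

The renowned Hilichurlian linguist Ella Musk has discovered in her recent research that the hilichurls are trying to regain control of the Ruin Guards on the continent of Teyvat through a special programming language. Their purpose is not yet clear and the language is still at the draft stage, so it has provisionally been named MITA ( Machine Instruction for Teyvat Automaton ).

Ella Musk tried transcribing it, implemented it using the Earth technology known as the Go language, and shared it on GitHub.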

https://github.com/mitalang/mita

https://ngabbs.com/read.php?tid=39515586

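For example, boolean values:

True (affirmative) da
False (negative) nye

Some natural numbers:

1 unu
2 du
3 unu du
4 du du
5 mani

Hilichurlian lacks abstract concepts corresponding to many of those in human natural languages, and "multiple Hilichurlian words can be combined into a phrase to express a new concept. Hilichurlian also has flexible word-class usage similar to Classical Chinese: a word can serve as a noun or an adjective in different contexts"[1], so we can adjust the combinations for the words we need to construct. This programming language may therefore be adjusted accordingly when the Hilichurlian researcher "Ella Musk" publishes new findings.

  • upa: to gather, i.e. the "concatenate" keyword cons in LISP
  • muhe: to want, to like, i.e. "wanting a particular function"; it can serve as the abstract definition for function definition (defn
  • lawa: chief, from which the meaning "the first" can be derived; noun used as verb, "take the first"
  • kucha: weak; since it is not the first, it is what remains, "take the rest"
  • celi: fire; since celi upa refers to the sun, as a verb it is understood as "to rise" and can stand for mathematical "plus"
  • movo: wind, to move; can stand for mathematical "minus"
  • shato: similar?; rounded off, that is "equals"
  • nyeshato: negation + similar (coined), "not equal"
  • aba, abashato: earlier in time; applied here it means "less than", and adding shato makes it "less than or equal"
  • unta, untashato: later in time; applied here it means "greater than", and adding shato makes it "greater than or equal"

She says the most distinctive part of MITA's syntax is lakucha . As everyone knows, lawa means chief in Hilichurlian and kucha means weakling (by extension, follower); when they are combined into lakucha , the result first takes the first element ( sada ) and then takes the elements after it.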

(lalalakukucha '((1 2) (3 4) ((5 6)) (7 8)))

will return 5

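Other, more interesting examples include the Fibonacci sequence, but since Hilichurlian has no expression for 0, Ella herself still used the human 0.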

(muhe(
        (yafib (mita (si)
                (dala ((shato si 0) 0)
                        (da (dala ((aba si du) unu)
                                (da (celi (yafib(movo si du)) (yafib(movo si unu))))
                        ))
                )
        ))
))

That is the MITA language as Ella has discovered it so far. Everyone is welcome to head over to the project page to discuss it. mita dada!

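Notes on setting up RAID1 on ESXi 6.7

Recently the NVMe on my Raspberry Pi had its data corrupted by a sudden power loss, so I picked up a second-hand RAID card with a battery and fitted it to my ESXi machine. After all, my important data all lives there now... I can't really go All in one and have everything die after a power cut. I bought two 1T SSDs and built a SAS 8087 RAID1. The configuration is as follows:

  • CPU: 10 CPUs x Intel(R) Xeon(R) W-2150B CPU @ 3.00GHz
  • Motherboard: Supermicro X11SRM-F, single socket
  • RAID card: Adaptec 6805T 512MB Cache 6G SAS
  • ESXi: ESXi 6.7

After powering on, press Ctrl+A to enter the RAID BIOS.

Select Create Array and set the RAID type; I chose RAID1 here.

Note that you must enable both caches here, otherwise the speed is only 20M/s. After saving and rebooting, you will find that ESXi 6.7 still does not detect the array. That is because there is no driver and you have to install it yourself... It took a lot of searching to find, so to spare the next unlucky soul from hunting for ages like I did, I am dropping it here: aacraid-6.0.6.2.1.57013-11 959565.zip. Now it finally shows up.

However, after installing the RAID, I found that disk performance became very strange...

Small-file reads and writes are especially poor, yet large files are explosively good. What I tested was (1G file read/write, while the RAID has only 512M of cache) on the VMFS 6 disk format (1M blocks). Changing the RAID's read/write model to OLTP/DB made it even worse. I hope someone can point out why.

I couldn't stand the old RAID's performance any more and replaced everything with an LSI2308 RAID card, but the performance was dreadful. The BIOS's built-in settings have no WriteCache option. After a lot of searching I found this gem of an article and the lsiutil tool, which can be used to turn on the LSI RAID's write cache! It does, however, require the mpt2sas driver beforehand.

First install mpt2sas, allowing installation of community drivers, using the SSH command below. Note: you must use the full path (an odd requirement of installing software on ESXi).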

esxcli software vib install -v <full path to the driver>/scsi-mpt2sas-20.00.01.00-1OEM.550.0.0.1331820.x86_64.vib

Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: Avago_bootbank_scsi-mpt2sas_20.00.01.00-1OEM.550.0.0.1331820
   VIBs Removed: VMW_bootbank_scsi-mpt2sas_19.00.00.00-2vmw.670.0.0.8169922
   VIBs Skipped:

Once it is installed and the machine has rebooted, use ./lsiutil to change the writecache setting:


LSI Logic MPT Configuration Utility, Version 1.71, Sep 18, 2013
sh: /sbin/modprobe: not found
mknod: /dev/mptctl: Function not implemented

1 MPT Port found

     Port Name         Chip Vendor/Type/Rev    MPT Rev  Firmware Rev  IOC
 1.  ioc0              LSI Logic SAS2308 D1      200      14000700     0

# Enter 21 to select RAID actions
21.  RAID actions


# Enter 32 to select changing the RAID settings
RAID actions menu, select an option:  [1-99 or e/p/w or 0 to quit] 32

Volume 0 is DevHandle 011d, Bus 1 Target 1, Type RAID1 (Mirroring)
Volume 1 is DevHandle 011e, Bus 1 Target 0, Type RAID1 (Mirroring)

# Enter 0 to select the corresponding RAID volume
Volume:  [0-1 or RETURN to quit] 0

  Volume 0 Settings:  write caching enabled, auto configure hot swap enabled
Volume 0 draws from Hot Spare Pools:  0

Write caching:  [0=Disabled, 1=Enabled, 2=MemberControlled, default is 1]
# Enter 1 to turn on Write Cache!

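Protecting istio services with oauth2-proxy and GitHub

After adopting istio on AWS EKS, deploying services became very convenient, but I found that quite a few applications have no built-in account authentication (jaeger, for example), and much of the data is fairly sensitive. What to do? Keycloak is too complex, so I thought of using GitHub accounts to manage access, and it would be great if that could be integrated into istio~ So let's get to it.

First, configure an App on GitHub (official documentation) and note down the Client ID and Client secret; they will be needed shortly.

Set the application's oauth2 callback URL, for example https://example.com/oauth2; istio will need a matching service configured later. Next, install and configure oauth2-proxy (helm):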

configuration:
  clientID: "xxxxx" # the GitHub Client ID from earlier
  clientSecret: "xxxxxxxxxxxxxxxxx" # the GitHub Client Secret from earlier
  ## Generate a random secret with this command
  ## openssl rand -base64 32 | head -c 32 | base64
  cookieSecret: "xxxxxxxxxxxxxxxxxxxxxxxx="
extraArgs:
  [
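    "--provider=github", # we choose github as the provider
    "--github-org=example", # fill in your own organization name; other restriction scopes are available, see the docs
    "--scope=user:email", # this is an oauth-proxy bug... without it, it redirects endlessly
    "--upstream=static://200", # also a bug: without it, it redirects endlessly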
    "--pass-authorization-header=true",
    "--pass-user-headers=true"
  ]

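The github-org setting can be changed to whichever restriction you need; see the official oauth2-proxy documentation (link) for details. Back to the istio configuration: add a custom extensionProvider to istio as a whole so that the GitHub AuthorizationPolicy can work. A bit confusing, right? I drew a not entirely accurate diagram to help.

Rough flow diagram of oauth2-proxy

Edit istio's configuration with kubectl edit configmap -n istio-system istio. The result should look roughly like this; pay attention to the comments inside: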

apiVersion: v1
data:
  mesh: |-
    defaultConfig:
      discoveryAddress: istiod.istio-system.svc:11111
      proxyMetadata: {}
    enablePrometheusMerge: true
    rootNamespace: istio-system
    trustDomain: cluster.local
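    # Everything above is the original configuration, do not change it; the key part is below
    extensionProviders:
    - name: "gh-example-oauth2" # remember this name, it will be used shortly
      envoyExtAuthzHttp:
        # Point this at the service of your own oauth2-proxy install; mine is in the oauth2-proxy namespace
        service: "gh-oauth2-proxy.oauth2-proxy.svc.cluster.local"
        port: "80" # this is the default port of the helm install (same for kubeapp)
        includeRequestHeadersInCheck: ["authorization", "cookie"] # these three must be the same as mine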
        headersToUpstreamOnAllow: ["authorization", "path", "X-Auth-Request-User", "X-Auth-Request-Email", "X-Auth-Request-Access-Token"]
        headersToDownstreamOnDeny: ["content-type", "set-cookie"]

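Then configure istio's virtual service to bring the whole thing up. Again, pay attention to my comments inside. The official documentation is written rather stiffly; read it if you like (link).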

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: example-vs
  namespace: example-ns # the application's own namespace
spec:
  hosts:
  - "jaeger.example.com"
  gateways:
  - example-gw # the gateway from when istio was installed
  http:
  - match: # keep this consistent with what is configured in GitHub
    - uri:
        prefix: /oauth2
    route:
    - destination:
        host: gh-oauth2-proxy.oauth2-proxy.svc.cluster.local # svc address of the oauth2 install
        port:
          number: 80
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: jaeger.app.svc.cluster.local # jaeger's svc address
        port:
          number: 8080
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: jaeger-github-oauth2
  namespace: example-ns
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: query # Important! Get this right; if it does not match, the policy will not take effect
      app.kubernetes.io/name: jaeger
  action: CUSTOM
  provider:
    name: "gh-example-oauth2" # keep consistent with extensionProviders in the istio configuration
  rules:
  - to:
    - operation:
        # Note this is an exact match!! Add a wildcard to get prefix matching
        paths: [ "/*"]      

After kubectl apply, restart istio and visit your application; if you see this, it worked~

Reference: https://medium.com/@lucario/istio-external-oidc-authentication-with-oauth2-proxy-5de7cd00ef04
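
The exact-match caveat in the AuthorizationPolicy comment above decides which requests ever reach oauth2-proxy. As an added example (not code from istio or from the original post), the sketch below applies Istio's documented string-match rules for policy fields (exact, trailing-* prefix, leading-* suffix, bare * presence) to a set of request paths. matchPath, Unprotected and the sample paths are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"strings"
)

// matchPath applies the match rules Istio documents for AuthorizationPolicy
// string fields: "*" = presence, "abc*" = prefix, "*abc" = suffix, else exact.
func matchPath(pattern, path string) bool {
	switch {
	case pattern == "*":
		return path != ""
	case strings.HasSuffix(pattern, "*"):
		return strings.HasPrefix(path, strings.TrimSuffix(pattern, "*"))
	case strings.HasPrefix(pattern, "*"):
		return strings.HasSuffix(path, strings.TrimPrefix(pattern, "*"))
	default:
		return pattern == path
	}
}

// Unprotected returns the request paths that none of the policy's paths match.
// With action: CUSTOM such requests are not sent to the external authorizer,
// so unless another policy denies them they reach the workload unauthenticated.
func Unprotected(patterns, requests []string) []string {
	var open []string
	for _, r := range requests {
		covered := false
		for _, p := range patterns {
			if matchPath(p, r) {
				covered = true
				break
			}
		}
		if !covered {
			open = append(open, r)
		}
	}
	return open
}

// Constructed request paths for a Jaeger-like UI (assumption, not from the page).
var sample = []string{"/", "/search", "/api/traces", "/static/app.js"}

func main() {
	fmt.Println(`paths: ["/"]  leaves open:`, Unprotected([]string{"/"}, sample))
	fmt.Println(`paths: ["/*"] leaves open:`, Unprotected([]string{"/*"}, sample))
}
```
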